post
/public_api/v1/audits/management_logs
Get audit management logs. - Response is concatenated using AND condition (OR is not supported). - Maximum result set size is 100. - Offset is the zero-based number of incidents from the start of the result set.
CURL
curl -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
"https://api-yourfqdn/public_api/v1/audits/management_logs" \
-d '{
"request_data" : {
"search_from" : 0,
"sort" : {
"field" : "type",
"keyword" : "desc"
},
"filters" : {
"field" : "field",
"value" : "value",
"operator" : "operator"
},
"search_to" : 6
}
}'
Response
{
"reply": {
"total_count": 1,
"result_count": 1,
"data": [
{
"AUDIT_ID": 1,
"AUDIT_OWNER_NAME": "User Name",
"AUDIT_OWNER_EMAIL": "username@paloaltonetworks.com",
"AUDIT_ASSET_JSON": "{}",
"AUDIT_ASSET_NAMES": "",
"AUDIT_HOSTNAME": "",
"AUDIT_RESULT": "SUCCESS",
"AUDIT_REASON": "",
"AUDIT_DESCRIPTION": "",
"AUDIT_ENTITY": "AUTH",
"AUDIT_ENTITY_SUBTYPE": "Login",
"AUDIT_SESSION_ID": 382303947890,
"AUDIT_CASE_ID": 473829372,
"AUDIT_INSERT_TIME": 1565074114053
}
]
}
}
Request
Body
optional
Note: You can send a request to retrieve either all or filtered results.
Example:
{"request_data":{"search_from":0,"search_to":19,"sort":{"field":"type","keyword":"asc"},"filters":[{"field":"type","operator":"in","value":["AUTH"]},{"field":"sub_type","operator":"in","value":["login"]},{"field":"result","operator":"in","value":["SUCCESS"]},{"field":"timestamp","operator":"lte","value":1565074114053}]}}
request_data
required
A dictionary containing the API request fields.
An empty dictionary returns all results.
search_from
optional
Integer
An integer representing the starting offset within the query result set from which you want management logs returned.
Management logs are returned as a zero-based list. Any log indexed less than this value is not returned in the final result set and defaults to zero.
search_to
optional
Integer
An integer representing the end offset within the result set after which you do not want management logs returned.
Logs in the management log list that are indexed higher than this value are not returned in the final results set. Defaults to 100, which returns all logs to the end of the list.
sort
optional
Identifies the sort order for the result set. By default the sort is defined as creation-time and desc.
field
optional
String
(Enum)
Allowed values:
type
sub-type
result
keyword
optional
String
(Enum)
Allowed values:
asc
desc
filters
optional
Array of filter fields.
field
optional
String
operator
optional
String
value
optional
String
Responses
Successful response
Body
reply
optional
JSON object containing the query result.
total_count
optional
Integer
Number of total results of this filter without paging.
result_count
optional
Integer
Number of returned items.
data
optional
Array
List of audit items.
AUDIT_ID
optional
Integer
AUDIT_OWNER_NAME
optional
String
AUDIT_OWNER_EMAIL
optional
String
AUDIT_ASSET_JSON
optional
String
AUDIT_ASSET_NAMES
optional
String
AUDIT_HOSTNAME
optional
String
AUDIT_RESULT
optional
String
AUDIT_REASON
optional
String
AUDIT_DESCRIPTION
optional
String
AUDIT_ENTITY
optional
String
(Enum)
Allowed values:
LIVE_TERMINAL
RULES
RULES_EXCEPTIONS
AUTH
RESPONSE
INCIDENT_MANAGEMENT
ALERT_MANAGEMENT
INCIDENT_TIMELINE_EVENT
ENDPOINT_MANAGEMENT
ENDPOINT_GROUPS
ALERT_WHITELIST
PUBLIC_API
DISTRIBUTIONS
STARRED_INCIDENTS
POLICY_PROFILES
DEVICE_CONTROL_PROFILES
DEVICE_CONTROL_POLICY
PROTECTION_PROFILES
DEVICE_CONTROL_PROFILE
HOST_FIREWALL_PROFILE
HOST_DISK_ENCRYPTION_PROFILE
POLICY_RULES
PROTECTION_POLICY
DEVICE_CONTROL_TEMP_EXCEPTIONS
DEVICE_CONTROL_GLOBAL_EXCEPTIONS
DEVICE_CONTROL_CUSTOM_DEVICE
GLOBAL_EXCEPTIONS
MSSP
REPORTING
DASHBOARD
BROKER_API
BROKER_VM
MTH
MDR
ALERT_NOTIFICATIONS
INTEGRATIONS
QUERY
SCRIPT_EXECUTION
ALERT_RULES
COLLECTION
API_KEY
EDL
VA_RESCAN_ENDPOINT
HI_RESCAN_ENDPOINT
REMEDIATION
INGEST_DATA
LICENSING
AGENT_CONFIGURATION
PERMISSIONS
SCORING_RULES
LAYOUT_RULES
PLAYBOOK_TRIGGERS
FEATURED_ALERT_FIELDS
SYSTEM
TENANT_TAKEOVER
SCOUTER_POLICY
SCOUTER_PROFILE
SCOUTER_GROUPS
ALLOWED_DOMAINS
QUERY_LIBRARY
TENANT_CONFIGURATION
SCOUTER_CONFIGURATION
HOST_FIREWALL
XIF
XDM
ACTION_CENTER
XCLOUD_INTEGRATION
DATASETS
XSOAR
SECURITY_SETTINGS
ALERT_EXCLUSION
INDICATOR_RULES
EVENT_FORWARDING
ASSET_INVENTORY
SERVER_SETTINGS
ASSET_ROLES
CUSTOM_FIELDS
AUTOMATION_RULES
AGENT_EXCEPTION_RULES
REMEDIATION_PATH_RULES
AUDIT_ENTITY_SUBTYPE
optional
String
AUDIT_SESSION_ID
optional
Integer
AUDIT_CASE_ID
optional
Integer
AUDIT_INSERT_TIME
optional
Integer
Bad Request. Got an invalid JSON.
Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.
Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.
Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.
Unauthorized access. User does not have the required license type to run this API.
Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.
Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.
Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.
Internal server error. A unified status for API communication type errors.
Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
err_extra
optional
String
Additional information describing the error.